New EFS access control is available now


I have been using EFS for a while to store my shared application data. Generally speaking it is good in terms of scalability and performance. My concern is mostly around security: until now it only used security groups to control access, which is network-level control (which hosts may reach the mount targets), not per-user or per-directory control. That is a risk in a multi-tenant environment, because any client that can reach the mount target can mount the whole file system, and there is no granular access control over the directories on the same EFS.

AWS had this concern as well, I think. Otherwise they would not have released a new feature 🙂 – New for Amazon EFS – IAM Authorization and Access Points

In short, you can now use IAM (a file system policy plus the client's identity policy) to control access to the file system at the mount/write/root-access level, and use an Access Point to enforce which POSIX identity (uid, gid) a client acts as and which directory of the file system it sees, including the ownership and permissions (e.g. 0755) that directory is created with. The access point overrides whatever uid/gid the client presents, so a tenant cannot escalate by running as root on its own host. The best practice is to use both, since they meet the security requirements at different layers: IAM decides who may mount and write, the access point decides what they see and as whom.

Sample command:

sudo mount -t efs -o iam,tls,accesspoint=fsap-0204ce67a2208742e fs-d1188b58 /mnt/shared
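The two layers wired together, as an added example that is not code from the original post: a file system policy that denies non-TLS clients and lets a tenant role mount and write only through its access point, the access point itself pinned to uid/gid 1001 and the /tenant-a subtree, and a small guard that refuses to mount without the iam, tls and accesspoint options. The region, account number and tenant role ARN are placeholder assumptions; the fs-/fsap- IDs are the ones from the mount command above. Nothing is sent to AWS unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not code from the original post. REGION, ACCOUNT and
# TENANT_ROLE are placeholder assumptions; FS_ID/AP_ID are the IDs from the
# post's mount command. AWS CLI calls only run when APPLY=1.
set -eu

REGION="${REGION:-ap-southeast-2}"
ACCOUNT="${ACCOUNT:-123456789012}"
FS_ID="${FS_ID:-fs-d1188b58}"
AP_ID="${AP_ID:-fsap-0204ce67a2208742e}"
TENANT_ROLE="${TENANT_ROLE:-arn:aws:iam::${ACCOUNT}:role/tenant-a-app}"

fs_arn() { printf 'arn:aws:elasticfilesystem:%s:%s:file-system/%s' "$REGION" "$ACCOUNT" "$FS_ID"; }
ap_arn() { printf 'arn:aws:elasticfilesystem:%s:%s:access-point/%s' "$REGION" "$ACCOUNT" "$AP_ID"; }

# Layer 1, IAM: the file system policy. Statement 1 refuses any client that is
# not using TLS; statement 2 lets the tenant role mount and write, but only
# when it comes in through its own access point, so it can never mount the
# root of the file system directly.
fs_policy_json() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyUnencryptedTransport",
      "Effect": "Deny",
      "Principal": { "AWS": "*" },
      "Action": "*",
      "Resource": "$(fs_arn)",
      "Condition": { "Bool": { "aws:SecureTransport": "false" } }
    },
    {
      "Sid": "TenantAOnlyViaAccessPoint",
      "Effect": "Allow",
      "Principal": { "AWS": "$TENANT_ROLE" },
      "Action": [ "elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite" ],
      "Resource": "$(fs_arn)",
      "Condition": { "StringEquals": { "elasticfilesystem:AccessPointArn": "$(ap_arn)" } }
    }
  ]
}
EOF
}

# Layer 2, POSIX: the access point pins every request to uid/gid 1001 and to
# the /tenant-a subtree, creating that directory as 0755 owned by 1001:1001 if
# it does not exist yet. The client's own uid/gid are ignored.
create_tenant_access_point() {
  aws efs create-access-point --file-system-id "$FS_ID" \
    --posix-user Uid=1001,Gid=1001 \
    --root-directory 'Path=/tenant-a,CreationInfo={OwnerUid=1001,OwnerGid=1001,Permissions=0755}' \
    --tags Key=tenant,Value=a
}

# Guard used before mounting: refuse an option string that drops any of the
# three options the policy above depends on (iam, tls, accesspoint=fsap-...).
require_opts() {
  case ",$1," in *,iam,*) ;; *) echo "missing iam" >&2; return 1 ;; esac
  case ",$1," in *,tls,*) ;; *) echo "missing tls" >&2; return 1 ;; esac
  case ",$1," in *,accesspoint=fsap-*) ;; *) echo "missing accesspoint" >&2; return 1 ;; esac
  return 0
}

mount_shared() {
  opts="iam,tls,accesspoint=$AP_ID"
  require_opts "$opts"
  sudo mount -t efs -o "$opts" "$FS_ID" /mnt/shared
}

if [ "${APPLY:-0}" = "1" ]; then
  fs_policy_json > /tmp/efs-policy.json
  aws efs put-file-system-policy --file-system-id "$FS_ID" --policy file:///tmp/efs-policy.json
  create_tenant_access_point
  mount_shared
fi
```

Two things to check once the policy is in place: a mount from the tenant role without `accesspoint=` (or without `tls`) must fail, and a process inside the mount that runs as root on the host must still create files owned by 1001:1001. Both confirm that the IAM layer and the POSIX layer are each doing their part.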
